In a move to bolster the security of digital transactions, the Reserve Bank of India (RBI) has proposed new guidelines aimed at introducing additional layers of authentication. On Wednesday, the central bank unveiled a draft policy under the title 'Alternative Authentication Mechanisms for Digital Payment,' focusing on enhancing transaction safety.
The proposed guidelines call for the incorporation of an additional authentication factor that is dynamically generated for each transaction. This new layer involves using a time-sensitive password or PIN, which is created specifically for the transaction at hand and cannot be reused. Currently, the standard for digital transaction authentication is the SMS-based OTP (one-time password).
According to the RBI, "All digital payment transactions shall be authenticated with an additional factor(s) of authentication (AFA), unless exempted otherwise in this framework." Furthermore, the RBI specifies that "All digital payment transactions, other than card present transactions, shall ensure that one of the factors of authentication is dynamically created, i.e., the factor is generated after initiation of payment, is specific to the transaction, and cannot be reused."
The directive mandates that all payment system providers, including banks and non-banks, comply with these guidelines within three months from the date of issuance. However, certain transactions such as small value contactless card payments up to Rs 5,000 at point of sale terminals, e-mandates for recurring transactions, and small value digital payments through offline modes will be exempt from these requirements.
Experts believe these guidelines are a proactive step toward mitigating digital fraud. By introducing a dynamically generated authentication factor, the risk of financial loss due to fraudulent activities, including phishing scams targeting OTPs, is significantly reduced. Additionally, the RBI has emphasized that issuers must provide near real-time alerts for all eligible digital payment transactions to further safeguard consumers.
These proposed changes are set to enhance the overall security of digital transactions, ensuring a more robust defense against unauthorized access and fraud.
CAclubindia
